On June 22nd, 2021, researchers disclosed new details showing that the SonicWall vulnerability disclosed in October of last year was only partially fixed.  The vulnerability, a critical stack-based buffer overflow tracked as CVE-2020-5135, was known to impact over 800,000 SonicWall VPNs.  Once exploited, the vulnerability would allow unauthenticated remote attackers to execute arbitrary code on the impacted device.

Unfortunately, it has been determined that the vulnerability was not properly patched.  This vulnerability is now being tracked under CVE-2021-20019.  SonicWall has issued a statement advising they were made “aware, tested and patched a non-critical buffer overflow vulnerability that impacted versions of SonicOS.”  Furthermore, SonicWall stated they are not aware of the vulnerability being exploited in the wild.  SonicWall has now released advisories related to this vulnerability, which include further information on the fixed versions. (1, 2)

How BW Cyber Services Can Help

While there is no single way to prevent being targeted, BW Cyber Services can help you develop a comprehensive cyber compliance security program to prevent and respond to future attacks that affect your operations.  Specifically, BW Cyber Services has developed an industry-leading service, BW Secure™, to test and identify firewall vulnerabilities, whether they are at your office or at home.  For more information on how BW Cyber Services can assist you, please contact us at info@bwcyberservices.com.